CVE-2015-3093

Adobe Flash Player <13.0.0.289 & 14.x-17.x <17.0.0.188 - Memory Cor...

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-3093. PoCs published by bilou.

AI-analyzed exploit summary This exploit targets a memory initialization flaw in Adobe Flash's handling of DefineBitsLossless and DefineBitsLossless2 tags, leading to information disclosure via uninitialized memory. The PoC manipulates zlib-compressed data to trigger the vulnerability, allowing partial pointer disclosure.

Description

Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-3078, CVE-2015-3089, and CVE-2015-3090.

Exploits (1)

exploitdb WORKING POC VERIFIED

by bilou · textdoswindows

https://www.exploit-db.com/exploits/37846

View Code ZIP pw:eip

This exploit targets a memory initialization flaw in Adobe Flash's handling of DefineBitsLossless and DefineBitsLossless2 tags, leading to information disclosure via uninitialized memory. The PoC manipulates zlib-compressed data to trigger the vulnerability, allowing partial pointer disclosure.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Moderate

Reliability

Reliable

Target: Adobe Flash Player 17.0.0.134

No auth needed

Prerequisites: Adobe Flash Player 17.0.0.134 · Flex SDK to compile the PoC

MITRE ATT&CK